General

  • Target

    51e5d9df867d1e8eab396d01821398748393968f62992cfe94da48b3b2008a05

  • Size

    452KB

  • Sample

    221127-j4vmrafe4z

  • MD5

    d94071cc7092986d52903d1443421aeb

  • SHA1

    45d4f98b528d7c2820d98da77e4c564f03c426e3

  • SHA256

    51e5d9df867d1e8eab396d01821398748393968f62992cfe94da48b3b2008a05

  • SHA512

    66f232361bb7549124fe6b7a962b33518e3a73c1480f11bac695b12c9d7515a067cd87dfbaafa84321c7ee851c70b60b040a212073c36f45267eb6cf33495577

  • SSDEEP

    12288:tdOKIut/dpyKpxi2A/AQDWYs7Is+uMpu4x:D7t/dpni4QGIE2u

Targets

    • Luminosity

      Luminosity (LuminosityLink) is a RAT family that was sold commercially while being marketed as a legitimate system administration utility.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

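The signatures above (Winlogon modification, Run key, a dropped executable launching the VBS compiler) are the persistence and execution behaviours an analyst would want to confirm on an infected host or in sandbox telemetry. The following is an added example, not code from the sandbox or the report: it flags those three behaviours in Sysmon-style registry (Event ID 13) and process-creation (Event ID 1) records. The event records, file paths and value names in `SAMPLE_EVENTS` are constructed for illustration and do not come from this sample; the rule names and severity thresholds are this example's own choices.

```python
"""Triage helper for the persistence/execution behaviours listed in the report.

Added example; the SAMPLE_EVENTS below are constructed Sysmon-style records
(RegistryEvent / ProcessCreate field names), not telemetry from the sandbox run.
"""
import re
from typing import Dict, List, Optional

# Paths a non-admin process can write to; a persistence entry pointing here is
# far more suspicious than one pointing into Program Files or System32.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# Winlogon values abused for persistence: Userinit and Shell.
WINLOGON_VALUE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)
# Classic autostart locations under HKLM/HKCU.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Parents for which vbc.exe is expected (build tooling); anything else is odd.
BUILD_TOOL_PARENTS = ("msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe")
# Default data for the two Winlogon values on a clean Windows install.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}

# Constructed sample events (assumed, not from the report).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\svc.exe"},
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"EventID": "1", "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "CommandLine": "vbc.exe"},
    # Benign: vbc.exe spawned by MSBuild during a normal build.
    {"EventID": "1", "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "CommandLine": r"vbc.exe /noconfig @C:\Users\user\AppData\Local\Temp\x.cmdline"},
    # Benign: Explorer toggling a UI setting.
    {"EventID": "13", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def check_winlogon(ev: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Flag a Winlogon Userinit/Shell write whose data differs from the default."""
    if ev.get("EventID") != "13":
        return None
    m = WINLOGON_VALUE.search(ev.get("TargetObject", ""))
    if not m:
        return None
    value = m.group(1).lower()
    data = ev.get("Details", "").strip().lower()
    if data == WINLOGON_DEFAULTS[value]:
        return None
    return {"rule": "winlogon_persistence", "severity": "high",
            "detail": "Winlogon\\%s set to %s by %s" % (value, ev.get("Details", ""), ev.get("Image", ""))}


def check_run_key(ev: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Flag any Run/RunOnce value write; escalate when it points to a user-writable path."""
    if ev.get("EventID") != "13" or not RUN_KEY.search(ev.get("TargetObject", "")):
        return None
    data = ev.get("Details", "")
    severity = "high" if USER_WRITABLE.search(data) else "medium"
    return {"rule": "run_key_persistence", "severity": severity,
            "detail": "%s -> %s by %s" % (ev.get("TargetObject", ""), data, ev.get("Image", ""))}


def check_vbc(ev: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Flag vbc.exe launched by something other than known build tooling."""
    if ev.get("EventID") != "1" or not ev.get("Image", "").lower().endswith("\\vbc.exe"):
        return None
    parent = ev.get("ParentImage", "")
    if parent.lower().rsplit("\\", 1)[-1] in BUILD_TOOL_PARENTS:
        return None
    severity = "high" if USER_WRITABLE.search(parent) else "medium"
    return {"rule": "vbc_suspicious_parent", "severity": severity,
            "detail": "vbc.exe spawned by %s (%s)" % (parent, ev.get("CommandLine", ""))}


def triage(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run every check over every event; return findings in event order."""
    findings = []
    for idx, ev in enumerate(events):
        for check in (check_winlogon, check_run_key, check_vbc):
            hit = check(ev)
            if hit:
                hit["event"] = str(idx)
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print("[%s] event %s %s: %s" % (f["severity"], f["event"], f["rule"], f["detail"]))
```

Two caveats a practitioner should keep in mind. "Checks computer location settings" is a registry read, and Sysmon only records registry writes, so that geofence lookup has to come from the sandbox's API tracing rather than from Event ID 13. Likewise "Suspicious use of SetThreadContext" (the usual signal of process hollowing) has no direct Sysmon event; the closest host-side evidence is a ProcessAccess (Event ID 10) record from the dropped executable against a freshly created child, combined with the child's image on disk not matching what is mapped in memory.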